IT Act: Rs 5 crore fine for data leak

October 18, 2006 13:12 IST

Any company found leaking sensitive information will be liable to pay damages of up to Rs 5 crore (Rs 50 million) to the affected party, says an amendment to the Information Technology Act, 2000. This will cover all sensitive data or information which a company may own, possess, control, or operate.

The decision of the Union Cabinet to amend the Act has come at a time when Prime Minister Manmohan Singh has assured investors abroad about India's sensitivity to their concerns on data theft.

The scope of Section 72 of the Act is also being expanded to provide for criminal liability in case of leak of information.

"This will prevent any intermediary and service provider, that has secured any material or information from a user entering into a contract with it, from passing it on to others without the consent of the user. Violations will invite imprisonment for a term of up to two years or fine of up to Rs 5 lakh (Rs 500,000) or both," an official of the department of information technology said.

The Cabinet has also approved a proposal to amend Section 43 of the IT Act, under which a person involved in hacking of computers will be liable for punishment of up to two years or fine of up to 5 lakh or both.

The department of information technology is also keen to reduce crime like e-commerce frauds through digital signatures and impersonation such as phishing, and identity theft.

It has proposed to insert a new section in the Indian Penal Code, under which the punishment for identity theft may be extended to two years and a fine, while the penalty for impersonation may be extended to 5 years and a fine.

Similarly, publication of sexually explicit material through computers or any other communication instrument will result in imprisonment of up to five years and a fine of Rs 10 lakh (Rs 1 million). Repeated violations will result in imprisonment of up to seven years and a fine of up to Rs 10 lakh.

The government has also proposed new rules for electronic signatures.

Further, the strength of the Cyber Appellate Tribunal is being increased to three from one member at present.